Switch v7 Ch06

Chapter 6:
First-Hop Redundancy
CCNP SWITCH: Implementing Cisco IP Switched

Networks
SWITCH v7.1 Chapter 6

2007 2016, Cisco Systems, Inc. All rights reserved.
Cisco Public
Chapter 6 Objectives
Overview of FHRP and HSRP
Configure and verify VRRP
Configure and verify GLBP
Chapter 6
Cisco Public
Overview of
FHRP and HSRP
Chapter 6
Cisco Public
Overview of FHRP and HSRP
The need for first-hop redundancy protocols

HSRP overview
HSRP state transitions
Aligning HSRP with STP topology
Configuring and tuning HSRP
Load sharing with HSRP
Options HSRP has for tracking
Configuring HSRP interface tracking
Configuring object tracking in combination with HSRP
Configuring HSRP authentication
Tuning HSRP timers
The differences between HSRP Versions 1 and 2
Chapter 6
Cisco Public
The Need for First-Hop Redundancy

Network hosts are
configured with a single
default gateway IP
address
If the router whose IP
address serves as the
default gateway to the
network host fails, a
network host will be
unable to send packets to
another subnet
Chapter 6
Cisco Public
The Need for First-Hop Redundancy

With first-hop router redundancy, a set of routers or Layer 3
switches work together to present the illusion of a single
virtual router to the hosts on the LAN.
By sharing an IP address and a MAC (Layer 2) address,
two or more routers can act as a single virtual router
Chapter 6
Cisco Public
HSRP Overview
When frames are to be sent from the workstation to the default
gateway, the workstation uses ARP to resolve the MAC address
that is associated with the IP address of the default gateway.
The ARP resolution will return the MAC address of the virtual
router.
Frames that are sent to the MAC address of the virtual router can
then be physically processed by an active router that is part of
that virtual router group.
The physical router that forwards this traffic is transparent to the
network hosts.
The redundancy protocol provides the mechanism for
determining which router should take the active role in
forwarding traffic and determining when that role must be taken
over by a standby router.
Chapter 6
Cisco Public
HSRP Overview
When the forwarding router
or a link to it fails
The standby router stops
seeing hello messages
from the forwarding router.
The standby router
assumes the role of the
forwarding router.
As the new forwarding
router assumes both the
IP and MAC addresses of
the virtual router, the end
stations see no disruption
in service.
Chapter 6
Cisco Public
HSRP Overview
HSRP active and standby routers send hello messages to
multicast address 224.0.0.2 (all routers) for Version 1, or
224.0.0.102 for Version 2, using User Datagram Protocol
(UDP) port 1985.
Hello messages are used to communicate between routers
in the HSRP group.
All the routers in the HSRP group need to be L2 adjacent so
that hello packets can be exchanged.
Chapter 6
Cisco Public
HSRP Router Roles

All the routers in an HSRP group have specific roles and
interact in specific manners:
Virtual router
An IP and MAC address pair that end devices have configured as their
default gateway.
The active router processes all packets and frames sent to the virtual
router address.
The virtual router processes no physical frames. There is one virtual
router in an HSRP group.
Active router
Within an HSRP group, one router is elected to be the active router.
The active router physically forwards packets sent to the MAC address
of the virtual router.
There is one active router in an HSRP group.
Chapter 6
Cisco Public
10
HSRP Router Roles

Standby router
Listens for periodic hello messages. When the active router fails, the
other HSRP routers stop seeing hello messages from the active
router.
The standby router then assumes the role of the active router. There
is one standby router in an HSRP group.
Other routers
There can be more than two routers in an HSRP group, but only one
active and one standby router is possible.
The other routers remain in the initial state, and if both the active and
standby routers fail, all routers in the group contend for the active and
standby router roles.
Chapter 6
Cisco Public
11
HSRP Active Router Operation

Router A assumes the active role and forwards all frames
addressed to the assigned HSRP MAC address of
0000.0c07.acxx, where xx is the HSRP group identifier.
Chapter 6
Cisco Public
12
HSRP State Transition
Chapter 6
Cisco Public
13
Chapter 6
Cisco Public
14

When two routers participate in an election process, a
priority can be configured to determine which router should
become active.
Without specific priority configuration, each router has a
default priority of 100, and the router with the highest IP
address is elected as the active router.
Regardless of other router priorities or IP addresses, an
active router will stay active by default.
A new election will occur only if the active router is removed.
When the standby router is removed, a new election is
made to replace the standby router.
This behavior can change with the preempt option.
Chapter 6
Cisco Public
15
Aligning HSRP with STP Topology
It is a good practice to configure the same Layer 3 switch to be both

the spanning-tree root and the HSRP active router for a single VLAN.
This approach ensures that the Layer 2 forwarding path leads
directly to the Layer 3 device that is the HSRP active gateway, thus
achieving maximum efficiency.
Chapter 6
Cisco Public
16
Configuring and Tuning HSRP
Chapter 6
Cisco Public
17
Configuring and Tuning HSRP

Step 1. Configure R1s Ethernet 0/1 (LAN-facing interface) with
192.168.1.3/24 IP address and HSRP standby IP of 192.168.1.1.
The IP of 192.168.1.1 is HSRPs virtual IP address that is also configured
as the default gateway IP address on PC 1 and PC 2:
R1(config)# interface ethernet 0/1
R1(config-if )# ip address 192.168.1.3 255.255.255.0
R1(config-if)# standby 1 ip 192.168.1.1
Step 2. Configure R2s Ethernet 0/1 (LAN-facing interface) with
192.168.1.2/24 IP address and HSRP standby IP of 192.168.1.1.
Both R1 and R2 must have the same HSRP virtual IP address configured:
R2(config-if)# ip address 192.168.1.2 255.255.255.0
Chapter 6
Cisco Public
18
Verify the ARP table

Step 3. On R1, verify the ARP table:
R1# show ip arp
Chapter 6
Cisco Public
19
Forwarding Through the Active Router
Chapter 6
Cisco Public
20
Make R2 the Active Router

Configure R2s HSRP group 1 with priority of 110:
R2(config-if)# standby 1 priority 110
Configure R1s and R2s Ethernet 0/1 HSRP group 1

interfaces with preemption:

R1(config-if)# standby 1 preempt
Chapter 6
Cisco Public
21
Make R2 the Active Router

R2# show standby brief
Chapter 6
Cisco Public
22
Router R2 Failure Scenario
Chapter 6
Cisco Public
23
HSRP States After R2 Recover
Chapter 6
Cisco Public
24
Load Sharing with HSRP
Chapter 6
Cisco Public
25
Multigroup HSRP (MHSRP)
Chapter 6
Cisco Public
26
Multigroup HSRP (MHSRP)
Chapter 6
Cisco Public
27
The Need for Interface Tracking with HSRP

HSRP can track interfaces or objects and decrement priority if an
interface or object fails.
Interface tracking enables the priority of a standby group router to be
automatically adjusted, based on the availability of the router interfaces.
When a tracked interface becomes unavailable, the HSRP priority of the
router is decreased.
When properly configured, the HSRP tracking feature ensures that a
router with an unavailable key interface will relinquish the active router
role.
When the conditions that are defined by the object are fulfilled, the
router priority remains the same.
As soon as the verification that is defined by the object fails, the router
priority is decremented.
The amount of decrease can be configured.
The default value is 10.
Chapter 6
Cisco Public
28
HSRP Interface Tracking
HSRP has a built-in mechanism for detecting link failures and

starting the HSRP reelection process.
Chapter 6
Cisco Public
29
HSRP with Interface Tracking On
Chapter 6
Cisco Public
30
HSRP Tracking Configuration

R2(config-if)# ip address 192.168.10.2
R2(config-if)# standby 10 priority 110
R2(config-if)# standby 10 track ethernet1/1 20
Chapter 6
Cisco Public
31
HSRP Tracking Configuration Arguments
Chapter 6
Cisco Public
32
HSRP and Object Tracking
Chapter 6
Cisco Public
33
HSRP With Object Tracking
Chapter 6
Cisco Public
34
HSRP and Object Tracking Configuration

First, define an IP SLA ICMP echo test:
R2(config)# ip sla 10
R2(config-ip-sla)# icmp-echo 192.168.3.2
R2(config-ip-sla-echo)# frequency 5
R2(config-ip-sla-echo)# ip sla schedule 10 life
forever start-time now
Then create an object and track the IP SLA instance:

R2(config)# track 100 ip sla 10
Then configure HSRP to track an object and decrement

priority if the test fails:
R2(config-if)# standby 1 track 100 decrement 20
Chapter 6
Cisco Public
35
Tracked objects
Tracked objects are defined in global configuration with the
keyword track , followed by an object number.
Although IP SLA is just one of the options that can be
tracked, as shown in the following syntax, you can track up
to 500 objects:
Switch(congi)# track 1 ?
interface
Select an interface to track
ip
IP protocol
list
Group objects in a list
Chapter 6
Cisco Public
36
Tracked objects
Tracked objects offer a vast group of possibilities.
A few options that are commonly available include the following
An interface
This performs a similar function like the HSRP interface tracking
mechanism, but with advanced features. This tracking object can not only
verify the interface status (line protocol) but also whether IP routing is
enabled, whether an IP address is configured on the interface, and whether
the interface state is up, before reporting to the tracking client that the
interface is up.
IP route
A tracked IP-route object is considered up and reachable when a routing
table entry exists for the route and the route is accessible. To provide a
common interface to tracking clients, route metric values are normalized to
the range of 0 to 255, where 0 is connected and 255 is inaccessible. You
can track route reachability, or even metric values, to determine best-path
values to the target network.
Chapter 6
Cisco Public
37
Tracked objects (continue)

IP SLA
This special case allows you to track advanced parameters such as
IP reachability, delay, or jitter.
A list of objects
You can track several objects and interrelate their results to determine
whether one or several of them should trigger the success or fail
condition.
Chapter 6
Cisco Public
38
Configuring HSRP Authentication

HSRP provides the following two types of authentication:
Plain text
Message digest 5 (MD5) algorithm
To configure plain-text authentication, use the following

interface configuration command on HSRP peers:
Switch(config-if)# standby group authentication
string
To configure MD5 authentication, use the following interface

configuration command on HSRP peers:
Switch(config-if)# standby group authentication md5
key-string [ 0 | 7 ] string
Chapter 6
Cisco Public
39
Configuring HSRP Authentication

To configure MD5 authentication using key chains, use the
following command sequence:
Switch(config)# key chain chain-name
Switch(config-keychain)# key key-number
Switch(config-keychain-key)# key-string [ 0 | 7 ]
string
Switch(config-keychain-key)# exit
Switch(config)# interface interface-slot/number
Switch(config-if)# standby group authentication md5
key-chain chain-name
Chapter 6
Cisco Public
40
Tuning HSRP Timers

By default, the HSRP hello time is 3 seconds, and the hold
time is 10 seconds, which means that the failover time could
be as much as 10 seconds for clients to start communicating
with the new default gateway.
In some cases, this interval may be excessive for application
support.
The hello-time and the hold-time parameters are configurable.
To configure the time between the hello messages and the
time before other group routers declare the active or standby
router to be nonfunctioning, enter this command in the
interface configuration mode:
Switch(config-if)# standby [ group-number ]
timers [ msec ] hellotime [ msec ] holdtime
Chapter 6
Cisco Public
41
Preemption Delay
Preemption is an important feature of HSRP that allows the primary
router to resume the active role when it comes back online after a
failure or a maintenance event.
Preemption is a desired behavior as it forces a predictable routing
path for the VLAN traffic during normal operations.
It also ensures that the Layer 3 forwarding path for a VLAN parallels
the Layer 2 STP forwarding path whenever possible.
When a preempting device is rebooted, HSRP preemption
communication should not begin until the distribution switch has
established full connectivity to the rest of the network.
This situation allows the routing protocol convergence to occur more
quickly, after the preferred router is in an active state.
To accomplish this, measure the system boot time and set the HSRP
preemption delay to a value that is about 50 percent greater than
devices boot time
Chapter 6
Cisco Public
42
Configuring HSRP Preemption Delay Timers
For example, if the boot time for the distribution device is

150 seconds, the preempt delay should be set to 225
seconds
Chapter 6
Cisco Public
43
HSRP Versions
There are two HSRP versions available on most Cisco
routers and Layer 3 switches:
HSRPv1 and HSRPv2.
Version 1 is a default version on Cisco IOS devices.

HSRPv2 allows group numbers up to 4095, thus allowing
you to use VLAN number as the group number.
HSRP Version 2 must be enabled on an interface before
HSRP IPv6 can be configured.
HSRP Version 2 will not interoperate with HSRP Version 1.
All devices in an HSRP group must have the same version
configured; otherwise, the hello messages are not
understood.
Chapter 6
Cisco Public
44
HSRP Versions
An interface cannot operate both Version 1 and Version 2
because they are mutually exclusive.
The MAC address of the virtual router and the multicast
address for the hello messages are different with Version 2.
HSRPv2 uses the new IP multicast address 224.0.0.102 to
send the hello packets instead of the multicast address of
224.0.0.2, which is used by Version 1.
To enable HSRP Version 2, enable the following
configuration:
Switch(config-if) standby hsrp-number
version 2
Chapter 6
Cisco Public
45
Configuring Layer
3 Redundancy
with VRRP
Chapter 6
Cisco Public
46
Configuring Layer 3 Redundancy with VRRP

Upon completing this section, you will be able to do the
following:
Describe the idea behind VRRP
Configure and verify VRRP
Describe the differences between HSRP and VRRP
Describe tracking options with VRRP
Configure VRRP interface object tracking
Chapter 6
Cisco Public
47
About VRRP
VRRP is an open standard alternative to HSRP.
VRRP is similar to HSRP, both in operation and configuration.
The VRRP master is analogous to the HSRP active gateway,
and the VRRP backup is analogous to the HSRP standby
gateway.
A VRRP group has one master device and one or multiple
backup devices.
A device with the highest priority is the elected master. Priority
can be a number between 0 and 255.
Priority value 0 has a special meaning; it indicates that the current
master has stopped participating in VRRP.
This setting is used to trigger backup devices to quickly transition to
master without having to wait for the current master to time out.
Chapter 6
Cisco Public
48
About VRRP
VRRP differs from HSRP in that it allows you to use an address of one
of the physical VRRP group members as a virtual IP address.
In this case, the device with the used physical address is a VRRP master whenever
it is available.
The master is the only device that sends advertisements (analogous to

HSRP hellos).
Advertisements are sent to the 224.0.0.18 multicast address, protocol
number 112.
The default advertisement interval is 1 second. The default hold time is
3 seconds.
HSRP, in comparison, has the default hello timer set to 3 seconds and
the hold timer to 10 seconds.
Like with HSRP, load sharing is also available with VRRP. Multiple
virtual router groups can be configured
Contrary to HSRP, preemption is enabled by default with VRRP.
Chapter 6
Cisco Public
49
About VRRP
Chapter 6
Cisco Public
50
HSRP and VRRP Differences
Chapter 6
Cisco Public
51
Configuring VRRP and Spotting the Differences from HSRP
Chapter 6
Cisco Public
52
IP Addressing for the VRRP Configuration
Chapter 6
Cisco Public
53
Configuring VRRP
Step 1. Configure R1s Ethernet 0/1 with IP address
192.168.1.3 and VRRP virtual IP address 192.168.1.1:
R1(config-if)# vrrp 1 ip 192.168.1.1
Configure R2s Ethernet 0/1 with IP address of 192.168.1.2

and VRRP virtual IP address of 192.168.1.1:
R2(config-if)# vrrp 1 ip 192.168.1.1
Step 2. Configure R2s Ethernet 0/1 with VRRP priority of

110:
R2(config-if)# vrrp 1 priority 110
Chapter 6
Cisco Public
54
Verify the VRRP Status
Chapter 6
Cisco Public
55
VRRP and Authentication

Configure MD5 authentication for VRRP on R1s Ethernet 0/1
interface:
R1(config-if)# vrrp 1 authentication md5 key-string
MyVRRP
%VRRP-4-BADAUTHTYPE: Bad authentication from 192.168.1.2,
group 1, type 0, expected 254.
Configure MD5 authentication for VRRP on R2s Ethernet 0/1

interface:
R2(config-if)# vrrp 1 authentication md5 key-string
MyVRRP
R1s CLI:
%VRRP-6-STATECHANGE: Et0/1 Grp 1 state Master -> Backup
Chapter 6
Cisco Public
56
Tracking and VRRP

VRRP does not have a native interface tracking mechanism
but it does have the ability to track objects.
Chapter 6
Cisco Public
57
Tracking and VRRP Configuration

Create a tracked object, where the status of the uplink
interface is tracked:
R2(config)# track 1 interface ethernet 0/0 lineprotocol
Configure VRRP to track previously created object and

decrease VRRP priority by 20 should the uplink fail:
R2(config-if)# vrrp 1 track 1 decrement 20
Chapter 6
Cisco Public
58
Configuring
Layer 3
Redundancy with
GLBP
Chapter 6
Cisco Public
59
Configuring Layer 3 Redundancy with GLBP

Upon completing this section, you will be able to do the
following:
Describe the basic idea behind GLBP
Compare GLBP to HSRP
Describe the possible states of GLBP virtual gateway and
virtual forwarder
Configure and verify GLBP
Understand GLBP operations
List and describe GLBP load-balancing options
Secure GLBP using authentication
Describe GLBP behavior in VLANs with running STP
Describe the system of weights and decrements in GLBP
Chapter 6
Cisco Public
60
Introducing GLBP
GLBP shares some concepts with VRRP and HSRP, but the
terminology differs, and its behavior is more dynamic and robust.
Although HSRP and VRRP provide gateway resiliency only the
active router within the group forwards the traffic for the virtual MAC.
HSRP and VRRP can accomplish load sharing by manually
specifying multiple groups and assigning multiple default gateways.
GLBP is a Cisco proprietary solution that allows for automatic
selection and simultaneous use of multiple available gateways, in
addition to automatic failover between those gateways.
Multiple routers share the load of packets that, from a clients
perspective, are sent to a single default gateway address.
There is also no need to configure a specific gateway address on an
individual host. All hosts can use the same default gateway.
Chapter 6
Cisco Public
61
GLBP Roles
GLBP routers are divided into two roles: a gateway and a forwarder:
GLBP AVG (active virtual gateway)
Members of a GLBP group elect one gateway to be the AVG for that group.
Other group members provide a backup for the AVG when the AVG becomes
unavailable; these will be in standby state.
The AVG assigns a virtual MAC address to each member of the GLBP group.
The AVG listens to the ARP requests for the default gateway IP and replies with a MAC
address of one of the GLBP group members, thus load sharing traffic among all the
group members.
GLBP AVF (active virtual forwarder)

Each gateway assumes responsibility for forwarding packets that are sent to the virtual
MAC address that is assigned to that gateway by the AVG.
These gateways are known as AVFs. There can be up to four forwarders within a GLBP
group.
All other devices will be secondary forwarders, serving as backup if the current AVF fails.
Forwarders that are forwarding traffic for a specific virtual MAC are in the active state
and are called AVFs. Forwarders that are serving as backups are in the listen state.
Chapter 6
Cisco Public
62
Comparing GLPB to HSRP
Chapter 6
Cisco Public
63
GLBP States
Chapter 6
Cisco Public
64
GLBP States (Gateway)

Following are the possible virtual gateway states:
Disabled: The virtual IP address has not been configured or learned,
but there is some GLBP configuration.
Initial: The virtual IP address has been configured or learned, but
configuration is not complete. The interface must be operational on
Layer 3 and configured to route IP.
Listen: The virtual gateway is receiving hello packets. It is ready to
change to speak state if the active or standby virtual gateway
becomes unavailable.
Speak: The virtual gateway is trying to become the active or standby
virtual gateway.
Standby: This gateway is next in line to be the active virtual gateway.
Active: This gateway is the AVG, and is responsible for responding to
ARP requests for the virtual IP address.
Chapter 6
Cisco Public
65
GLBP States (Forwarder)

The following are the possible virtual forwarder states:
Disabled: The virtual MAC address has not been assigned
or learned. The disabled virtual forwarder will be deleted
shortly. This state is transitory only.
Initial: The virtual MAC address is known but configuration
of virtual forwarder is not complete. The interface must be
operational on Layer 3 and configured to route IP.
Listen: This virtual forwarder is receiving hello packets and
is ready to change to the active state if the active virtual
forwarder becomes unavailable.
Active: This gateway is the AVF, and is responsible for
forwarding packets sent to the virtual forwarders MAC
address.
Chapter 6
Cisco Public
66
Configuring and Verifying GLBP
Chapter 6
Cisco Public
67
IP Addresses Used in GLBP Configuration
Chapter 6
Cisco Public
68
GLBP Configuration
and GLBP virtual IP address of 192.168.1.1:
R1(config-if )# glbp 1 ip 192.168.1.1

and GLBP virtual IP address of 192.168.1.1:
R2(config-if)# glbp 1 ip 192.168.1.1
Chapter 6
Cisco Public
69
GLBP Configuration
Configure R1s Ethernet 0/1 with GLBP priority of 110 and
enable preemption for both GLBP routers:
R1(config-if)# glbp 1 priority 110
R1(config-if)# glbp 1 preempt
R2(config-if)# glbp 1 preempt
Chapter 6
Cisco Public
70
The virtual MAC addresses of GLBP

The virtual MAC addresses of GLBP are in the form of
0007.b4XX.XXYY.
XXXX is a 16-bit value that represents six 0 bits, followed by
a 10-bit GLBP group number.
YY is an 8-bit value, and it represents the virtual forwarder
number.
The AVG assigned forwarder 1 virtual MAC address of
0007. b400.0101 and forwarder 2 virtual MAC address of
0007.b400.0102
Chapter 6
Cisco Public
71
GLBP Final Configuration
Chapter 6
Cisco Public
72
GLBP Operation (ARP Request)
Chapter 6
Cisco Public
73
GLBP Operation (ARP Reply)
Chapter 6
Cisco Public
74
GLBP Operation (Traffic Flow)
Chapter 6
Cisco Public
75
GLBP Operations: Failed R1 New Data Path
Chapter 6
Cisco Public
76
GLBP Load-Balancing Options

GLBP supports the following operational modes for load balancing traffic
across multiple default routers that are servicing the same default gateway
IP address:
Weighted load-balancing algorithm
The amount of load that is directed to a router depends on the weighting value that is
advertised by that router.
Host-dependent load-balancing algorithm

A host is guaranteed the use of the same virtual MAC address as long as that virtual
MAC address is participating in the GLBP group.
Round-robin load-balancing algorithm

As clients send ARP requests to resolve the MAC address of the default gateway, the
reply to each client contains the MAC address of the next possible router in a roundrobin fashion. The MAC addresses of all routers take turns being included in address
resolution replies for the default gateway IP address.
To configure the load-balancing option, use the following command:

Switch(config-if)# glbp group load-balancing [ round-robin |
weighted | host-dependent ]
Chapter 6
Cisco Public
77
GLBP Authentication
The key for the MD5 hash can either be given directly in the
configuration using a key string or supplied indirectly
through a key chain.
The key string cannot exceed 100 characters in length.
The following example demonstrates the configuration for
GLBP authentication:
Router(config)# interface Ethernet0/1
Router(config-if)# ip address 10.0.0.1 255.255.255.0
Router(config-if)# glbp 1 authentication md5 key-string
d00b4r987654321a
Router(config-if)# glbp 1 ip 10.0.0.10
Chapter 6
Cisco Public
78
GLBP and STP

With some switching topologies, the operation of STP
results in inefficient traffic paths.
In such cases, implementation of HSRP might be preferred
over GLBP because it is easier to understand, whereas
GLBP provides no advantages.
Chapter 6
Cisco Public
79
Tracking and GLBP

Changing weight affects the AVF election and the loadbalancing algorithm.
Both values can be manipulated with object tracking.
Chapter 6
Cisco Public
80
GLBP Weight
GLBP uses a weighting scheme to determine the forwarding capacity
of each router in the GLBP group.
The weighting that is assigned to a router in the GLBP group can be
used to determine whether it will forward packets and, if so, the
proportion of hosts in the LAN for which it will forward packets.
Thresholds can be set to disable forwarding when the weighting for a
GLBP group falls below a certain value, and when it rises above
another threshold, forwarding is automatically reenabled.
By default, the GLBP virtual forwarder preemptive scheme is enabled
with a delay of 30 seconds.
A backup virtual forwarder can become the AVF if the current AVF
weighting falls below the low weighting threshold for 30 seconds.
To disable the GLBP forwarder preemptive scheme, use the no glbp
forwarder preempt command or change the delay by using the glbp
forwarder preempt delay minimum command.
Chapter 6
Cisco Public
81
GLBP Tracking Detects Interface Failure
Chapter 6
Cisco Public
82
GLBP Weighing Option Under Failures
Chapter 6
Cisco Public
83
GLBP Object Tracking Sample Configuration
Chapter 6
Cisco Public
84
Chapter 6 Summary
The redundancy protocol provides the mechanism for determining which router
should take the active role in forwarding traffic and determining when that role
must be taken over by a standby router .
HSRP is a Cisco proprietary protocol, whereas VRRP is an industry standard for
virtual routing gateways.
HSRP Version 1 and Version 2 active and standby routers send hello messages
to multicast address 224.0.0.2 for Version 1 and 224.0.0.102 for Version 2 on
UDP port 1985.
It is important that the configured active router should be the same as the STP
root bridge.
HSRP and VRRP use the VLAN load-balancing mechanism for load balancing.
With the new RFC, only the Cisco implementation of VRRP supports VRRP
authentication.
GLBP, by default, provides the virtual gateway and load balancing via multiple
virtual MAC addresses.
Review all the configuration examples and troubleshooting steps for better
understanding and for exam preparation.
Chapter 6
Cisco Public
85
Chapter 6 Labs
CCNPv7.1 SWITCH Lab6.1 FHRP HSRP VRRP
CCNPv7.1 SWITCH Lab6.2 HSRPv6
CCNPv7.1 SWITCH Lab6.3 GLBP
Chapter 6
Cisco Public
86
Chapter 6
Cisco Public
87
Acknowledgment
Some of the images and texts are from Implementing Cisco IP Switched
Networks (SWITCH) Foundation Learning Guide: (CCNP SWITCH 300-115) by
Richard Froom and Erum Frahim (1587206641)
Copyright 2015 2016 Cisco Systems, Inc.
Special Thanks to Bruno Silva
Chapter 6
Cisco Public
88

Switch v7 Ch06

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Switch v7 Ch06

Diunggah oleh

Hak Cipta:

Format Tersedia

Chapter 6:

CCNP SWITCH: Implementing Cisco IP Switched

SWITCH v7.1 Chapter 6

Overview of FHRP and HSRP

The need for first-hop redundancy protocols

The Need for First-Hop Redundancy

The Need for First-Hop Redundancy

HSRP Router Roles

HSRP Router Roles

HSRP Active Router Operation

HSRP State Transition

HSRP State Transition

HSRP State Transition

Aligning HSRP with STP Topology

It is a good practice to configure the same Layer 3 switch to be both

Configuring and Tuning HSRP

Configuring and Tuning HSRP

Verify the ARP table

Forwarding Through the Active Router

Make R2 the Active Router

Configure R1s and R2s Ethernet 0/1 HSRP group 1

R1(config)# interface ethernet 0/1

Make R2 the Active Router

Router R2 Failure Scenario

HSRP States After R2 Recover

Load Sharing with HSRP

Multigroup HSRP (MHSRP)

Multigroup HSRP (MHSRP)

The Need for Interface Tracking with HSRP

HSRP Interface Tracking

HSRP has a built-in mechanism for detecting link failures and

HSRP with Interface Tracking On

HSRP Tracking Configuration

HSRP Tracking Configuration Arguments

HSRP and Object Tracking

HSRP With Object Tracking

HSRP and Object Tracking Configuration

Then create an object and track the IP SLA instance:

Then configure HSRP to track an object and decrement

Tracked objects (continue)

Configuring HSRP Authentication

To configure plain-text authentication, use the following

To configure MD5 authentication, use the following interface

Configuring HSRP Authentication

Tuning HSRP Timers

Configuring HSRP Preemption Delay Timers

For example, if the boot time for the distribution device is

Version 1 is a default version on Cisco IOS devices.

Configuring Layer 3 Redundancy with VRRP

The master is the only device that sends advertisements (analogous to

HSRP and VRRP Differences

Configuring VRRP and Spotting the Differences from HSRP

IP Addressing for the VRRP Configuration

Configure R2s Ethernet 0/1 with IP address of 192.168.1.2

Step 2. Configure R2s Ethernet 0/1 with VRRP priority of

Verify the VRRP Status

VRRP and Authentication

Configure MD5 authentication for VRRP on R2s Ethernet 0/1

Tracking and VRRP

Tracking and VRRP Configuration

Configure VRRP to track previously created object and

Configuring Layer 3 Redundancy with GLBP

GLBP AVF (active virtual forwarder)

Comparing GLPB to HSRP